⚠️ 🚨 It’s time to stop using Blabber.im 🚨⚠️
The abandoned fork of #Conversations_im has a critical security issue: attackers can bypass STARTTLS negotiation, resulting in an unencrypted connection to a fake server. This vulnerability is similar to the STARTLS attack discovered in various email clients¹
✅ Fixed in Conversations 2.13.1 (Feb 2024)
📢 Please migrate to Conversations immediately! It's free on Google Play until the end of the year and always free on #fdroid
¹: https://archive.fosdem.org/2024/schedule/event/fosdem-2024-2179--protocols-security-of-starttls-in-the-e-mail-context/
=> More informations about this toot | View the thread | More toots from daniel@gultsch.social
=> View conversations_im tag | View fdroid tag This content has been proxied by September (ba2dc).Proxy Information
text/gemini